How to delete a malware for good

i can’t delete a folder “photo” and it has latched itself on every disk: drive C, disk D, disk E. been there for about a while now and i thought of how to clean it but couldn’t, malwarebytes, avast internet security, mcshield. i have these and tried them several times it’s still there. Like it would be gone once you delete it and then come back when you open the folder again ::slight_smile:

https://forum.avast.com/index.php?topic=53253.0

which one do you want me to try? All of avast internet security, malwarebytes, mcshield said it’s clean and that folder is the only thing i can’t delete. (the folder is an application)

It is either a folder or a application.
It can’t be both.
Read and follow the instructions and attach the requested log files to your next post.

I’m guessing it has the Icon of a folder but is actually an application, Eddy.

Oh you mean farbar and aswMBR.exe, sorry, i’ll get on it

the computer showed the blue screen and restarted after aswMBR.exe scan was finished and the net connection is so bad i couldn;t download farbar i could from another site but that one is outdated. I’ll try it again in my free time thanks eddy

hey ed i do have a farbar version which is from majorgeeks and being an old version it’d be useless but since with a bad connection would you give it’s scan ressults anyway

Uploaded the latest versions to my server in case needed:
64 bit version: http://downloads.ache.nl/FRST64.exe
32 bit version: http://downloads.ache.nl/FRST.exe

here.
Oh what a convenience! :smiley: i have been sitting infront of this PC for hours trying to download farbar

I read your reply (#6) and thought that maybe downloading the latest version(s) from my server would be faster.
So, I downloaded the latest versions and placed them on my server and by the looks of it, it did work for you. :smiley:
Now have some patience, a malware removal expert will soon be checking the logs and guide you further.
If not… Oh well, one of them will feel the front of my combat boots somewhere ;D

I already see some problems. One of them is:
Advanced system care
https://forum.avast.com/index.php?topic=153715.msg1117578#msg1117578

yeah thankyou i think it is faster too but when reaching the end why does it say that it might be dangerous and i have to choose the “keep” choice thus rendering the .exe useless being not fully downloaded how do i turn off smartscreen in win8

http://www.howtogeek.com/75356/how-to-turn-off-or-disable-the-smartscreen-filter-in-windows-8/

In my best knowledge i think i have got rid of ASC maybe it’s a system tray leftover idk

It still says frst64 is not commonly downloaded and could be harmful. :

Let me know if the problem is resolved after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKCU\...\Run: [Startup] - C:\Users\aa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo.exe [3940206 2014-11-12] (Soft ) MountPoints2: {38cb3c23-82f3-11e3-be80-1078d2456fc1} - "G:\Windows/AutoRun.exe" MountPoints2: {5a6bb0cc-2acd-11e3-be68-1078d2456fc1} - "G:\Autorun.EXE" 2014-11-12 16:29 - 2014-11-12 16:42 - 03940206 _____ (Soft ) C:\Users\aa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo.exe 2014-11-12 16:42 - 2014-11-12 16:29 - 03940206 _____ (Soft ) C:\Users\aa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo.exe Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit. C:\Users\aa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo.exe EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

There you are lol Thanks
here

In a full search i have deleted some the photo app folder but it pops up in some non-existant drive/disk in the next repeated searches
here for example

Please do not do anything by yourself, just follow essexboy’s instructions.

Got It :slight_smile: